EC2 Instance – Enable Deletion Protection

This check ensures that deletion protection is enabled for EC2 instances to prevent accidental or unauthorized termination and maintain service continuity.

Check Details

  • Resource: EC2 Instance
  • Check: Enable EC2 instance deletion protection
  • Risk: Accidental termination of critical EC2 instances

Remediation via AWS Console

  1. Log in to the AWS Management Console and open the Amazon EC2 console.
  2. In the left navigation pane, click Instances and select the EC2 instance where deletion protection is not enabled.
  3. Click Actions > Instance settings > Change termination protection.
  4. Choose Enable and click Save.

Remediation via AWS CLI

  1. Log in to the AWS Management Console and click the CloudShell icon (>_) in the top-right corner.
  2. Identify the EC2 instance ID:

     aws ec2 describe-instances --query "Reservations[*].Instances[*].InstanceId" --output table

  3. Enable deletion (termination) protection:

     aws ec2 modify-instance-attribute --instance-id <instance-id> --disable-api-termination

  4. Verify deletion protection is enabled; the output should show the DisableApiTermination attribute with "Value": true:

     aws ec2 describe-instance-attribute --instance-id <instance-id> --attribute disableApiTermination
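The CLI steps above check and fix one instance at a time. The following Python script is an added example (not part of this page or its tooling) that applies the same check across a set of describe-instance-attribute responses: it fails closed (a missing or non-boolean attribute counts as unprotected), lists the instances that need remediation, and renders the modify-instance-attribute command from step 3 for each one. The decision logic runs on constructed sample responses with no AWS credentials; the audit_account function is an assumed live path that requires boto3 and configured credentials.

```python
"""Audit EC2 instances for termination (deletion) protection.

The decision logic is pure so it can be exercised on constructed sample
responses; audit_account() is the live path against a real account.
"""
import json

# Constructed sample responses in the shape returned by
#   aws ec2 describe-instance-attribute --attribute disableApiTermination
# The instance IDs are made up for this example.
SAMPLE_ATTRIBUTE_RESPONSES = {
    "i-0aaaaaaaaaaaaaaa1": {"InstanceId": "i-0aaaaaaaaaaaaaaa1",
                            "DisableApiTermination": {"Value": True}},
    "i-0bbbbbbbbbbbbbbb2": {"InstanceId": "i-0bbbbbbbbbbbbbbb2",
                            "DisableApiTermination": {"Value": False}},
    # Attribute missing entirely: treated as unprotected.
    "i-0ccccccccccccccc3": {"InstanceId": "i-0ccccccccccccccc3"},
}


def termination_protection_enabled(attr_response: dict) -> bool:
    """True only when DisableApiTermination.Value is the boolean true.

    Anything else (absent key, string "true", malformed response) is
    reported as unprotected so the audit fails closed.
    """
    attr = attr_response.get("DisableApiTermination")
    if not isinstance(attr, dict):
        return False
    return attr.get("Value") is True


def instances_needing_remediation(attr_responses: dict) -> list:
    """Return the sorted instance IDs whose protection is not enabled."""
    return sorted(iid for iid, resp in attr_responses.items()
                  if not termination_protection_enabled(resp))


def remediation_commands(instance_ids) -> list:
    """Render the CLI command from the remediation steps for each finding."""
    return [f"aws ec2 modify-instance-attribute --instance-id {iid} "
            f"--disable-api-termination" for iid in instance_ids]


def audit_account(region: str) -> dict:
    """Live path (assumption: boto3 installed and credentials configured).

    Collects the disableApiTermination attribute for every non-terminated
    instance in the region, keyed by instance ID, in the same shape as
    SAMPLE_ATTRIBUTE_RESPONSES.
    """
    import boto3  # imported here so the pure functions run without it
    ec2 = boto3.client("ec2", region_name=region)
    responses = {}
    for page in ec2.get_paginator("describe_instances").paginate():
        for reservation in page["Reservations"]:
            for inst in reservation["Instances"]:
                if inst["State"]["Name"] == "terminated":
                    continue
                iid = inst["InstanceId"]
                responses[iid] = ec2.describe_instance_attribute(
                    InstanceId=iid, Attribute="disableApiTermination")
    return responses


if __name__ == "__main__":
    # Run against the constructed sample; swap in audit_account("us-east-1")
    # to audit a real region.
    findings = instances_needing_remediation(SAMPLE_ATTRIBUTE_RESPONSES)
    print(json.dumps({"unprotected": findings}, indent=2))
    for cmd in remediation_commands(findings):
        print(cmd)
```

Two points worth keeping in mind when acting on the findings: the script only prints the remediation commands rather than running them, so a reviewer can confirm the list before any attribute changes, and the DisableApiTermination attribute does not stop terminations performed by EC2 Auto Scaling scale-in or by Spot interruption, so instances under those mechanisms need protection at that layer as well.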